[jetty-users] Fwd:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Fwd:

From: Udaya Bhaskar Chimakurthy <csudaya@xxxxxxxxx>
Date: Fri, 25 Mar 2022 05:43:38 +0530
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hi Team –

Qualys Tool is launching scan with JNDI injection and jetty server is throwing below exception . Refer the pcap trace

Would like to receive inputs on how to handle the below urls

lab2-sjc-lb02 lab2-sjc-lb02 2022-03-01 17:47:50,799 [pool-149-thread-1] WARN o.e.j.server.AbstractHttpConnection - ${jndi:dns://10.58.98.164:34424/QUALYSTEST}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1967)
at org.ops4j.pax.web.service.spi.model.ServerModel.matchPathToContext(ServerModel.java:338)
at org.ops4j.pax.web.service.spi.model.ServerModel.matchPathToContext(ServerModel.java:288)
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:69)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:364)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:942)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1004)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)

at java.lang.Thread.run(Thread.java:748)

Attachment: wireshark_jndi.png
Description: PNG image

Follow-Ups:
- Re: [jetty-users] [jetty-dev] Fwd:
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] Looking for update site with all Jetty bundles with same version as the one installed in current Eclipse release
Next by Date: Re: [jetty-users] [jetty-dev] Fwd:
Previous by thread: [jetty-users] Fwd:
Next by thread: Re: [jetty-users] [jetty-dev] Fwd:
Index(es):
- Date
- Thread

Breadcrumbs